
Securing Blockchain and The Applications of the Future

By Paula Reinman
Coauthored by Salman Baset

From the first work conducted by Stuart Haber and W. Scott Stornetta in 1991 to its entry into the popular lexicon in 2014, blockchain has grown into a young distributed database technology that has the potential to secure and improve transactions from medical records to food delivery to our own personal identity.

As is the case with many new, life-changing technologies, a Marconi Society Young Scholar has a leadership role in defining and applying the new rules. Salman Baset, CTO Security for IBM Blockchain Solutions, was recognized as a Young Scholar in 2008 and has been doing amazing work ever since.

Salman talked with me about blockchain and its potential impact, his focus from a security perspective and how he came to this unique position.

For a technical description of blockchain and its history, click on the Wikipedia definition.

 

Since blockchain is a relatively new concept, let’s start with an overview of who’s using it and why.

SB: Simply put, blockchain is a way to record transactions in a digital ledger. Just as the Internet lets people communicate, blockchain is a peer-to-peer network, sitting on top of the Internet, that lets individuals or organizations conduct transactions in areas ranging from safe food delivery to global trade and finance to healthcare.

The major applications right now are in cryptocurrencies and in transactions between mutually distrusting parties. To understand the latter, consider this food safety example.

The food industry is concerned with quickly and precisely identifying the sources of foodborne illnesses for effective recalls and to tackle the cost of food waste. Food waste and inefficient recalls cost hundreds of billions of dollars each year. Between the time a crop is harvested by a farmer to the time it ends up at a retailer, several parties including local brokers, truckers, shippers and customs officials have been involved. One would think that it is simply a matter of digitizing the entire food supply chain and making it public. While digitization is needed, making the entire supply chain public has implications for the business models in food delivery all over the world. For example, a farmer may be targeted by criminals if they learned about a bumper food harvest. So how do we collect the information needed for effective food recalls without making the entire supply chain public?

That’s where the blockchain comes into the picture. Blockchain uses a shared ledger so that all parties (farmers, local brokers, shippers, truckers) involved in this transaction can interact. It lets parties agree on key transfers and changes in ownership as a crop travels from a farm to a retailer. It establishes trust between mutually distrusting parties, minimizes or eliminates disputes and provides visibility into supply chains. All information is kept on a permissioned ledger that only relevant parties can access.

We must recognize, though, that we are in the very early days of blockchain. While IBM Research has done fundamental work in blockchain consensus protocols and, of course, in crypto algorithms, IBM became involved in the space in 2015 with the establishment of the Hyperledger project under the Linux Foundation, creating prototypes in 2016, and implementing full-blown blockchain solutions this year. The solutions and applications may look much different in five to ten years.

 

Coming back to your mention of cryptocurrencies as an early blockchain application, are bitcoin and blockchain synonymous?

SB: They are not the same thing. Bitcoin is a cryptocurrency that can be implemented using blockchain. There are a couple of key areas where bitcoin is different from blockchain.

Bitcoin uses a public blockchain. This means that bitcoin is an open and non-permissioned network, accessible to anyone who has bitcoin or wants to participate in bitcoin payments. Blockchain networks can be public or permissioned – permissioned blockchains are limited to a set of participants mimicking business relationships and thus only available to those participating in specific transactions.

Also, bitcoin shares only information about bitcoin transactions, whereas blockchain applications can share all kinds of information, including goods bought, sold and moved and financial transactions initiated, completed and cleared.

 

Although blockchains are secure by design, I know there are a lot of potential security concerns. What do you focus on as CTO Security for an organization serving some of IBM’s largest customers?

SB: I concentrate on security from a blockchain, as well as a non-blockchain, perspective. By design, blockchain creates a shared and permanent record of transactions across involved parties. Thus, it is not expected that one would store sensitive information such as social security numbers or personally identifiable information (PII) on the blockchain. At the same time, information such as change in ownership or consent to information can potentially be recorded on blockchain. I spend a lot of time with customers and prospects to understand how they plan to use blockchain, make them aware of the potential security and data privacy issues in permissioned or public blockchains, and develop the governance of permissioned blockchains. I am also developing security best practices focused on the concerns that are unique to blockchain.

 

What about your background made you the right fit for this job?

SB: Prior to this, I was in IBM Research focusing on security and performance issues in cloud. On the security side, my work included developing a novel language for validating application configurations to meet security and compliance needs (part of IBM Vulnerability Advisor service), identifying potentially vulnerable libraries in mobile applications without access to source code, being security architect of first generation IBM Container Cloud service, and building a patch management for IBM Enterprise Cloud. On the performance side, I led a consortium of cloud, hardware and software companies in Standard Performance Evaluation Corporation (SPEC) in a multi-year effort to develop a first industry standard cloud benchmark for measuring cloud scalability and elasticity. My background in building peer-to-peer communications systems, including my dissertation work, and cloud systems for research and production with a focus on security led IBM to ask me to take on my current position of leading security for blockchain solutions that we build for our biggest customers.

 

As an underlying technology, blockchain can potentially impact many aspects of our lives. What are some of the key developments that you are watching?

SB: There are a number of very interesting implications of the technology.

  • Digital identity: 1.1B people live without an officially recognized identity. One of the United Nations’ 2030 Sustainable Development goals is to provide legal identity for all, including birth registration since many children in emerging countries have no official identification until they get their first vaccination. In developed countries, sharing identity information in a privacy-preserving way is of key concern. I represent IBM in external efforts to coalesce around an industry point of view on identity.
  • Smart Contracts: Blockchain allows organizations to write smart contracts, which will replace today’s paper-based contracts. Machines will execute these new contracts. These smart contracts need to be written correctly and executed flawlessly. The flawless execution is important to avoid the potential double-spending problem, where an account may potentially be debited twice for the same payment. Designing provably correct smart contracts and executing them across a wide range of industries will likely be a major area of research and development in the coming years.
  • Governance: We need policies and governance structure to clarify who operates blockchain – especially permissioned blockchain – and what happens when something goes wrong. For example, a farmer may not be expected to have a computing infrastructure for maintaining a distributed ledger, but a large retailer will likely want to have such infrastructure. How does a farmer post his or her crop data on blockchain, potentially through intermediaries, to enable retailers for potential recalls? Similarly, how can banks participating in a blockchain network for financial transactions deploy and test a smart contract when it goes into production? And what happens when the smart contract does not behave correctly?

While we do not know what tomorrow’s blockchain applications and solutions will look like, we think it’s a pretty good bet that Salman Baset will have influenced those outcomes on a global level.

 

To learn more about blockchain:

The Truth About Blockchain, Harvard Business Review, January, 2017

What is Blockchain and Why is it Growing in Popularity, Ars Technica, November 16, 2016

Blockchain: The Invisible Technology That’s Changing the World, PC Magazine, February 6, 2017